#ifndef __SQL_H__
  #define __SQL_H__

#include <string>
#include <map>
#include <algorithm>

using namespace std;

//! Prepared SQL statement

/*!
A simple implementation for prepared sql statements. Simple SQL injections will be avoided this way.

Implementation date: 2007

Usage:

\code
sql s("SELECT * FROM Table1 WHERE id=? AND NAME=?;");
s.set_value(0, "17", false);
s.set_value(1, "John", true);

string str_tmp;
s.to_string(str_tmp);
\endcode
*/

class sql {
private:
  map<unsigned short, string> values;
  string statement;
  bool use_null; // use null instead of empty string

public:

  //! sets the value of the given index
  /*!
  if the value contains ';' then sql_injection_exception will be thrown.
  index is zero-based.
  set_value(index, "<NULL>", false); sets the value to SQL NULL.
  set_value(index, "null", false); sets the value to null.
  set_value(index, "NULL", false); sets the value to NULL.
  */
  void set_value(unsigned short index, const string &value, bool use_apostrophe);

  //! sets the item at given index to SQL NULL (the same as set_value(index, "<NULL>", false);)
  void set_null(unsigned short index);

  //! returns the result in a string format
  string &to_string(string &output) const;

  //! constructor
  /*!
  first parameter is the sql statement as a string. if use_null is true,
  then empty values will be treatet as NULL values instead of empty strings
  */
  sql(const string &s, bool use_null = true);

  //! destructor (non-virtual: please do not inherit from this class)
  ~sql();
}; // class sql

#endif
